Black Hat USA 2022 https://www.blackhat.com/us-22 never fails to deliver exciting, enlightening, and distressing discussions about the state of cybersecurity. Analysts saw this at Black Hat impressed and worried us the most. If you could not make the trip, here is a summary of 14 Black Hat topics.
The US Federal Bureau of Investigation (FBI) has issued a Private Industry Notification warning of malicious cyber actors using proxies and configurations for credential stuffing attacks on organizations within the United States.
See: https://www.ic3.gov/Media/News/2022/220818.pdf
Credential stuffing is a form of brute force attack and shares many of the same commonalities that exploit leaked user credentials or ones purchased on the Dark Web that takes advantage of the fact that many individua
Russian cyberespionage group APT29, responsible for the devastating SolarWinds supply chain attacks in 2020, is back in the news. In a technical report published by Microsoft, the APT29 cyber-spies have acquired authentication bypass of a new post-exploitation tactic. Microsoft previously tracked the actors as Nobelium (a), Cozy Bear (b), and the Dukes (C).
Findings Details: Microsoft wrote in its report that the hackers are targeting corporate networks with a new authentication bypassing tec
Our monthly Cyber Threats & Vulnerabilities Report is provided to our Red Sky Alliance Members to consolidate both prominent government and private cyber security reporting which include descriptions (TTPs), indicators of compromise (IoCs) and at times remediation directions.
Link to full report: IR-22-242-001_IntelSummary242.pdf
If you ever have the good fortune to be leaving your office on a well-deserved vacation, are you certain the security controls you have in place will let you rest easy while you are away? Equally important is do you have the right action plan in place for a happy vacation? As its name indicates, security validation is a process or a technology that validates assumptions made about the actual security posture of a given environment, structure, or infrastructure.[1]
In the digital world, there a
A victim of a ransomware attack paid to restore access to their network, but the cybercriminals did not hold up their end of the deal. The real-life incident, as detailed by cybersecurity researchers at Barracuda Networks, occurred in August 2021, when hackers from the BlackMatter ransomware group used a phishing email to compromise a single victim's account at an undisclosed company. First seen in July 2021, BlackMatter is a ransomware-as-a-service (RaaS) tool that allows the ransomware's dev
Security researchers have warned that countless global organizations might be at risk of remote compromise after discovering more than 8000 exposed Virtual Network Computing (VNC) instances. Virtual networking enables communication between multiple computers, virtual machines (VMs), virtual servers, or other devices across different office and data center locations. While physical networking connects computers through cabling and other hardware, virtual networking extends these capabilities by u
The Agency for National Security, ANB, said on Friday that Russian services have organized coordinated cyber-attacks on Montenegrin government servers twice since 22 August 2022. The ANB told media that Montenegro is in what it called a hybrid war at the moment. “Coordinated Russian services are behind the cyber-attack. This kind of attack was carried out for the first time in Montenegro, and it has been prepared for a long period of time,” the ANB told media.
On 22 August, the government repo
They say, “Ya gotta Play, to Win.” Many state lotteries are now online through the Internet. But in New Hampshire, playing the lottery on the Internet could be hazardous. Clicking unknown pop-ups on the Internet is never a good idea and it wasn’t in NH this past Friday.
The New Hampshire Lottery website is back in service after the agency faced a cyber-attack on 26 August that attempted to trick users into clicking a pop-up and downloading malware. “The (cyber) attack resulted in the creati
‘AI cannot be an excuse’: What happens when Meta’s chatbot brands a college professor a terrorist? Chatbots can often be wrong. Is there any recourse?
Marietje Schaake has had a long and distinguished career. She has been an advisor to the US ambassador to the Netherlands and consulted with the Dutch Ministry of Foreign Affairs. For 10 years, she was a member of the European Parliament, crafting laws that covered hundreds of millions of people, focusing specifically on digital freedoms. Sh
Siemens Executive Summary: It is increasingly important to incorporate safety systems into vehicles. With advancements in vehicle electrification and autonomous vehicles (AV), the automotive industry is undergoing a transition that is safer and more environmentally friendly. This white paper discusses the transitions occurring in the automotive industry and what considerations for integrated safety system designs are relevant today or are expected to gain relevance in the coming years. The r
The Newcomer’s Guide to Cyber Threat Actor Naming (original article from 2018)
I was driven by a deep frustration when I started my public “APT Groups and Operations” spreadsheet in 2015. I couldn’t understand why I had to handle so many different names for the same threat actor. Today (2018), I understand the reasons for the different names and would like to explain to them so newcomers stop asking for standardization. Off the record: you just reveal a lack of insight by demanding complete st
Link to full report: IR-22-238-001_weekly238.pdf
Benjamin Franklin had it right so many years ago: “An Ounce of Prevention is Worth a Pound in Cure.” An ounce of prevention in cyber security is now a requirement. Due to the number of cybersecurity firms that have entered the market in recent years, it is evident that all industries are reaching a level of heightened anxiety. Some organizations are on alert because they know their networks have already been targeted by state-sponsored hackers, others know their executives are being targeted
A security awareness and training program is a critical element of any organization. It is how we can distribute security information in the workforce. By establishing and maintaining a robust security awareness and training program we can provide the workforce with the information and tools, they need to protect the organization's vital information. In this aspect, all users have information security responsibilities.
It is not unusual for organizations to treat awareness and training as two se
Since 2018, Proofpoint researchers have tracked a financially-motivated cybercrime actor, TA558, targeting hospitality, travel, and related industries located in Latin America and sometimes North America, and western Europe. The actor sends malicious emails written in Portuguese, Spanish, and sometimes English. The emails use reservation-themed lures with business-relevant themes such as hotel room bookings. The emails may contain malicious attachments or URLs aiming to distribute one of at l
Pen testing and vulnerability scanning are often confused for the same service. The problem is business owners often use one when they really need the other. People frequently confuse penetration testing and vulnerability scanning. Both services look for weaknesses in your IT infrastructure by exploring your systems the same way an actual hacker would.
Penetration testing is a manual security assessment where cyber security professional attempts to find a way to break into your systems. It's
Back in 1968, the Rolling Stones came out with a song titled, “Sympathy for the Devil.” The lyrics try to offer sympathy for a demon. So, the following story of a kid hacker tries to offer some sympathy for a criminal hacker. As one of Britain’s most notorious cyber criminals, Daniel Kelley played a leading role in the 2015 TalkTalk data breach. The hack was catastrophic for the telecoms firm, resulting in a financial loss of £77 million (€90.7 million) and the stolen data of over 150,000 cus
Tesla is set to unveil a new humanoid robot, Optimus, in late September 2022. There has been a lot of speculation surrounding Tesla's strategy in entering the robotics market, and a recent post by Elon Musk sheds some new light.
In the post, published in China's Cyberspace Administration's official publication, Musk continued to make the point underlined since announcing the Tesla Bot project in 2021: That Tesla, because of its major investments in autonomous driving, is arguably the biggest ro
Google Cloud has claimed to have blocked the largest Layer 7 (HTTPS) DDoS attack to date after a Cloud Armor customer was targeted by a series of attacks that peaked at 46 million requests per second (rps). Google explained the attack, which occurred on 1 June 2022, was at least 76% larger than the previously reported HTTPS DDoS record and showed characteristics that link it to the Mēris attack family.
Google said its Cloud Armor Adaptive Protection was able to detect and analyze the traffic ea
